What is /tmp/passwd-reset.sh ?
I am having many error messages from CSF (ConfigServer Firewall) which read the following
Time: Fri Dec 15 20:03:02 2017 +0000
File: /tmp/passwd-reset.sh
Reason: Script, file extension
Owner: centos:centos (1000:1000)
Action: No action taken
and
Time: Fri Dec 15 20:03:02 2017 +0000
File: /tmp/install.sh
Reason: Script, file extension
Owner: centos:centos (1000:1000)
Action: No action taken
Now to me .sh files in the /tmp/ folder seem unusual and suspicious, however are these leftover from the original cPanel or Centos install on the server perhaps? Seeing as they are owned by Centos. Thanks
-
however are these leftover from the original cPanel or Centos install on the server perhaps?
Not that I'm aware of. You might want to move it out of temp and take a closer look at it. Note the date and timestamp on it as well in case you need it later.
-
Looking into it... install.sh looks legit. Looks like the original cPanel install file...
```sh
#! /bin/sh
METADATA_HOST="IP"
METADATA_HOSTNAME_URI="http://$METADATA_HOST/latest/meta-data/local-hostname"
METADATA_HOSTNAME_FILE="/tmp/hostname"
CPANEL_VERSION="current"
CPANEL_INSTALLER_URI="https://securedownloads.cpanel.net/latest"
CPANEL_INSTALLER_FILE="/root/latest"
CPANEL_UPDATE_FILE="/scripts/upcp"

die() {
    echo $@ 1>&2
    exit 1
}

if [ -n "$1" ]; then
    CPANEL_VERSION="$1"
    echo "CPANEL=$CPANEL_VERSION" | sudo tee /etc/cpupdate.conf >/dev/null
fi

if ! sudo curl -o "$CPANEL_INSTALLER_FILE" "$CPANEL_INSTALLER_URI"; then
    die "Failed to download $CPANEL_INSTALLER_URI to $CPANEL_INSTALLER_FILE"
fi

for package in xz-compat-libs; do
    if ! sudo yum install -y "$package"; then
        die "Unable to install requisite package $package"
    fi
done

if ! curl -s -o "$METADATA_HOSTNAME_FILE" "$METADATA_HOSTNAME_URI"; then
    die "Failed to fetch hostname from $METADATA_HOSTNAME_URI"
fi

if ! sudo /bin/hostname -F "$METADATA_HOSTNAME_FILE"; then
    die "Failed to set hostname to `cat $METADATA_HOSTNAME_FILE`"
    rm "$METADATA_HOSTNAME_FILE"
else
    rm "$METADATA_HOSTNAME_FILE"
fi

if ! sudo sh "$CPANEL_INSTALLER_FILE"; then
    die "Failed to install cPanel."
fi

if ! sudo sh "$CPANEL_UPDATE_FILE" --force; then
    die "Failed to update cPanel to latest."
fi

#
# Ensure cPanel updates are not locked to the version explicitly specified for
# this build.
#
if [ -n "$1" ]; then
    CPANEL_VERSION="`echo $1 | cut -d . -f 1,2`"
    echo "CPANEL=$CPANEL_VERSION" | sudo tee /etc/cpupdate.conf >/dev/null
fi
```
as for the passwd-reset.sh I am not sure... can anybody shed some light on this please?
```sh
#! /bin/sh
for username in root vagrant centos fedora ec2-user; do
    if grep "^$username:" /etc/passwd; then
        passwd -l $username || true
    fi
done
```
Thanks
-
Hello,
Those files are not provided by cPanel, but you may want to check with your data center or hosting provider to see if those files were included as part of the image or template used to set up your server.
Thank you.
-
Thanks Michael, it's an AWS AMI from... AWS Marketplace: cPanel & WHM for Linux
Just for reference, if anybody is wanting to run cPanel via AWS, this is a pre-installed installation to get you up and running I came across...
-
Last script just looks to lock the passwords for those unused users (or perhaps used, but should never be logged into directly), likely for security reasons.
-l, --lock
    Lock the password of the named account. This option disables a password by changing it to a value which matches no possible encrypted value (it adds a "!" at the beginning of the password).
    Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key). To disable the account, administrators should use usermod --expiredate 1 (this set the account's expire date to Jan 2, 1970).
    Users with a locked password are not allowed to change their password.
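The caveat in the man page excerpt above, that `passwd -l` locks the password but leaves SSH key login working, can be checked per account. This is an added example, not part of the original thread or of the AMI's scripts: the function names `lock_state`, `audit_accounts` and `demo` and the sample data are constructed, and it assumes keys are in the default `~/.ssh/authorized_keys` location.

```sh
#!/bin/sh
# Added example: for each account passwd-reset.sh touches, show whether the
# password is locked and whether SSH key login is still possible.

# Classify the password field (2nd column) of a shadow(5) entry.
lock_state() {
    case "$1" in
        '!'*|'*'*) echo locked ;;  # passwd -l prepends "!"; "*" never matches a hash
        '')        echo empty ;;   # no password required at all
        *)         echo set ;;     # usable password hash
    esac
}

# audit_accounts SHADOW_FILE PASSWD_FILE USER...
# Prints "user password=<state> ssh_keys=<yes|no>" for every listed user that exists.
audit_accounts() {
    shadow_file=$1; passwd_file=$2; shift 2
    for user in "$@"; do
        home=$(awk -F: -v u="$user" '$1 == u { print $6 }' "$passwd_file")
        [ -n "$home" ] || continue   # account not present on this host
        field=$(awk -F: -v u="$user" '$1 == u { print $2 }' "$shadow_file")
        keys=no
        if [ -s "$home/.ssh/authorized_keys" ]; then keys=yes; fi
        echo "$user password=$(lock_state "$field") ssh_keys=$keys"
    done
}

# Constructed sample data (not from the thread): centos is password-locked but
# keeps an authorized_keys file; root has a usable hash and no keys.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/centos/.ssh" "$d/root"
    echo 'ssh-ed25519 CONSTRUCTED-KEY centos@example' > "$d/home/centos/.ssh/authorized_keys"
    printf '%s\n' "root:x:0:0:root:$d/root:/bin/bash" \
                  "centos:x:1000:1000::$d/home/centos:/bin/bash" > "$d/passwd"
    printf '%s\n' 'root:$6$constructed$hash:17515:0:99999:7:::' \
                  'centos:!!$6$constructed$hash:17515:0:99999:7:::' > "$d/shadow"
    audit_accounts "$d/shadow" "$d/passwd" root vagrant centos fedora ec2-user
    rm -rf "$d"
}

demo
# On a live host (as root): audit_accounts /etc/shadow /etc/passwd root vagrant centos fedora ec2-user
```

An account reported as `password=locked ssh_keys=yes` is the case the man page excerpt describes: the password is unusable, but the account can still be logged into with a key.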